By John LaCour | December 14, 2021
Attacks targeting enterprises on Social Media have increased 82% since January, according to PhishLabs Quarterly Threat Trends & Intelligence Report. Threat actors are increasingly abusing Social Media to launch attacks, as lack of security vigilance among users and critical brand presence among organizations makes platforms a desirable way to engage in malicious activity and spoof legitimate businesses.
Every quarter, PhishLabs analyzes hundreds of thousands of phishing and Social Media attacks targeting brands and their employees. In this post, we take a look at the trending Social Media threats and the industries they are targeting.
Attacks on the Rise
Attacks on Social Media have steadily grown since the beginning of the year when, at the time, the average organization faced 34 attacks per month. In Q3, the average business experienced 61 attacks per month.
While the average represents a variety of enterprises and may fluctuate by industry, this increase is significant, and should serve as a warning for security teams to more closely monitor and manage Social Media activity.
Top Threat Types
Fraud-related threat types drive the majority of attacks on Social Media. In Q3, this threat type decreased slightly, yet still contributed to 43.4% of all threats encountered. Fraud on Social Media includes the unauthorized sale of account credentials, exposure of banking details, deposit fraud, and other financial threats.
Cyber Threats experienced the greatest increase among Social Media threat types in Q3, contributing to approximately one quarter of attacks. A Cyber Threat may take the form of an intentional action designed to cause cyber risk to the target, such as a hacking attempt.
Impersonation also increased, making up nearly one quarter (24.6%) of all Social Media attacks. Impersonation can manifest as a spoofed corporate brand, executive, or employee with the intent to trick a target into performing a desired action.
Additional threat types commonly seen were Data Leaks (7.1%) and Physical Threats (.18%).
In Q3, attacks on Payment Services increased 7.3%, making it the industry targeted most by Social Media attacks. Repeatedly, the services delivered by this industry are heavily targeted due to their broad application throughout a variety of business sectors. Almost 80% of Social Media threats targeting Payment Services took the form of Deposit Fraud.
Broadcast Media was targeted 9.1% of the time. This makes the industry the second most targeted in Q3.
Staffing and Recruiting, previously outside the Top 10, increased almost 4% from Q2, making it the fourth most targeted industry. We can speculate that this increase in attacks is attributed to threat actors manipulating job seekers during end-of-year recruiting. More than 97% of attacks on Staffing and Recruiting were classified as Brand Impersonation.
Other Industries Targeted:
- Dating 4.8%
- Ecommerce 3.8%
- Retail 3.7%
- Telecom 2.4%
- Computer Software 1.9%
- Cryptocurrency 1.8%
Social Media threats targeting enterprises continue to climb, with the average organization now experiencing two attacks per day. Security teams should prioritize actions detecting threats on Social Media and take actions that will promote proactive remediation. PhishLabs will continue to report on Social Media attack volume as it occurs.